
Tunneling iLO over ssh

Do you want to access HP iLO via an SSH tunnel?

HP’s iLO (Integrated Lights Out) is great, especially if you wish to administer the server remotely: to install the OS, check the video output for a kernel panic when the OS is unresponsive, or configure the BIOS, whether to avoid standing in a cold server room or because you’re simply not on the premises.

The servers that I administer come with iLO1, iLO2 or iLO3 and it’s great to see the interface developing at every release.

If the server sits on a remote LAN that does not expose it to the outside world (e.g. a DMZ), you can tunnel a connection over ssh to reach both the iLO web interface over https and the remote console, a browser-based Java applet that gives you the display of the remote machine as if you had a keyboard, mouse and monitor plugged into the machine itself.

So, how do you access iLO remote console over ssh?

To do so, you just need to forward a couple of ports via a handy ssh server somewhere on the remote network.

You may need to refer to some of the port settings within the iLO administration pages; I’ve included a screenshot of where to find them within iLO1 below:

The steps below assume that you have a proven, working ssh server on the remote network and that the necessary ports are forwarded on your remote router, giving you access to the remote network and therefore to the iLO on the remote server.

Find the necessary ports for Java under Administration -> Access Settings -> Service.

Note the port that your iLO is listening on for “remote console” – this is the port that the server will expect the Java remote console to be able to communicate over.

Now you need to create the relevant ssh tunnel. I’ve broken this down to a command with some bash variables to make it easier to understand what’s what.

the IP of iLO on your remote network

iloaddress=192.168.1.10

the local https port to forward

localhttps=8443

the https port the iLO is listening on

remotehttps=443

local port to forward for Remote Console (probably should be the same as the Remote Console Port within: Administration -> Access Settings -> Service)

Handily, this also gives you the PID (process ID) of your tunnel, so you can kill your tunnel like this:

kill <process id>

Let’s put the above together as a single block that you can paste into a text editor to make it into a bash script, all in one go along with bash comments to document it (once you’ve edited the parameters of course):
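One way to assemble the pieces above into a script, as an added example rather than the author's original block. The names `consoleport`, `sshgateway`, `valid_port`, `tunnel_args` and `start_tunnel`, the console port value and the gateway login are assumptions that do not come from the post; binding the forwards to 127.0.0.1 is a hardening choice added here.

```shell
#!/usr/bin/env bash
# Added example, not the post's original script. Edit the values for your site.
iloaddress=192.168.1.10   # the IP of iLO on your remote network
localhttps=8443           # the local https port to forward
remotehttps=443           # the https port the iLO is listening on
# ASSUMPTION (constructed value): the Remote Console Port shown under
# Administration -> Access Settings -> Service. The same number is used on
# both ends; a port below 1024 needs root to bind locally.
consoleport=17990
# ASSUMPTION (placeholder): login on the ssh server inside the remote network.
sshgateway=admin@gateway.example.com

# Succeeds only for a decimal TCP port in 1..65535.
valid_port() {
  case "$1" in
    ''|*[!0-9]*) return 1 ;;
  esac
  [ "$1" -ge 1 ] && [ "$1" -le 65535 ]
}

# Prints the ssh arguments for both forwards, or fails on a bad port.
tunnel_args() {
  for p in "$localhttps" "$remotehttps" "$consoleport"; do
    valid_port "$p" || { echo "invalid port: $p" >&2; return 1; }
  done
  # Bind to 127.0.0.1 so other hosts on your LAN cannot reach the iLO through
  # this machine; ExitOnForwardFailure stops ssh if a local port is taken.
  printf '%s ' -N -o ExitOnForwardFailure=yes \
    -L "127.0.0.1:${localhttps}:${iloaddress}:${remotehttps}" \
    -L "127.0.0.1:${consoleport}:${iloaddress}:${consoleport}"
  printf '%s\n' "$sshgateway"
}

# Starts the tunnel in the background and reports its PID for a later kill.
start_tunnel() {
  args=$(tunnel_args) || return 1
  # Unquoted on purpose: each argument is space-free, so splitting is safe.
  ssh $args &
  echo "tunnel PID: $! (stop it with: kill $!)"
}

# Pass "start" as the first argument to open the tunnel; otherwise the
# script only prints the ssh command it would run.
if [ "${1:-}" = "start" ]; then
  start_tunnel
else
  echo "ssh $(tunnel_args)"
fi
```

With the tunnel running, the web interface is reachable at https://localhost:8443 (the `localhttps` value).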